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Abstract. We provide a lower complexity bound for the satisfiability 
problem of a multi-agent justification logic, establishing that the gen¬ 
eral NEXP upper bound from our previous work is tight. We then use 
a simple modification of the corresponding reduction to prove that sat¬ 
isfiability for all multi-agent justification logics from there is Uf-hard 
- given certain reasonable conditions. Our methods improve on these 
required conditions for the same lower bound for the single-agent justi¬ 
fication logics, proven by Buss and Kuznets in 2009, thus answering one 
of their open questions. 


1 Introduction 

Justification Logic is the logic of justifications. Where in Modal Epistemic Logic 
we use formulas of the form □</> to denote that <j) is known (or believed, etc), in 
Justification Logic, we use t :<f> to denote that <j) is known for reason t (i.e. t is a 
justification for </>). Artemov introduced LP, the first justification logic, in 1995 
[5], originally as a link between Intuitionistic Logic and Peano Arithmetic. Since 
then the field has expanded significantly, both in the variety of logical systems 
and in the fields it interacts with and is applied to (see [6, 7] for an overview). 

In [21] Yavorskaya introduced two-agent LP with agents whose justifications 
may interact. We studied the complexity of a generalization in [3] and [4], dis¬ 
covering that unlike the case with single-agent Justification Logic as studied 
in [12,13,15,8,1], the complexity of satisfiability jumps to PSPACE- and EXP- 
completeness when two or three agents are involved respectively, given appropri¬ 
ate interactions. In fact, the upper bound we proved was that all logics in this 
family have their satisfiability problem in NEXP under reasonable assumptions. 

The NEXP upper complexity bound was not met with the introduction of a 
N EXP-hard logic in [4]. The main contribution of this paper is that we present 
a N EXP-hard justification logic from the family that was introduced in [4], thus 
establishing that the general upper bound is tight. 

In general, the complexity of the satisfiability problem for a justification logic 
tends to be lower than the complexity of its corresponding modal logic 1 (given 

1 That is, the modal logic that is the result of substituting all justification terms in 
the axioms with boxes and adding the Necessitation rule. 



the usual complexity-theoretic assumptions). For example, while satisfiability for 
K, D, K4, D4. T, and S4 is PSPACE-complete, the complexity of the corresponding 
justification logics (J, JD. J4. JD4, JT, and LP respectively) is in the second level 
of the polynomial hierarchy (in Zl), specifically). In the multi-agent setting we 
have already examined, this is still the case: many justification logics that so 
far demonstrate a complexity jump (to PSPACE- or EXP-completeness) have 
corresponding modal logics with an EXP-complete satisfiability problem (c.f. 
[20,9,1,2]). It is notable that, assuming EXP ^ NEXP, this is the first time we 
have a justification logic with a higher complexity than its corresponding modal 
logic, and, in fact, the reduction we use makes heavy use of the effects of the 
way a justification term is constructed. 

In a justification logic, the logic’s axioms are justified by constants, a kind 
of minimal (not analyzable) justification. A constant specification is part of the 
description of a justification logic and specifies exactly which constants justify 
which axioms. There are certain standard assumptions we often need to make 
when studying the complexity of a justification logic. One is that the logic has an 
axiomatically appropriate constant specification, which means that all axioms 
of the logic are justified by at least one justification constant. Another is that 
the logic has a schematic constant specification, which means that each constant 
justifies a certain number of axiom schemes (perhaps none) and nothing else. 
Finally, the third assumption is that the constant specification is schematically 
injective, that is, it is schematic and each constant justifies at most one scheme. 

It is known that for (single-agent) justification logics J, JT, J4, and LP, the 
satisfiability problem is in Z| for a schematic constant specification ([12]) and for 
JD, JD4, the satisfiability problem is in Zl] for an axiomatically appropriate and 
schematic constant specification ([13,1]). As for the lower bounds, Milnikel has 
proven ([17]) that J4-satisfiability is ZJ(-hard for an axiomatically appropriate 
and schematic constant specification and that LP-satisfiability is Zj-hard for 
an axiomatically appropriate, (schematic,) and schematically injective constant 
specification. Following that, Buss and Kuznets gave a general lower bound in [8], 
proving that for all the above logics, satisfiability is Zj-hard for an axiomatically 
appropriate, (schematic,) and schematically injective constant specification. This 
raised the question of whether the condition that the constant specification is 
schematically injective is a necessary one, which is answered in this paper. 2 

We present a general lower bound, which applies to all logics from [4]. This 
includes all the single-agent logics whose complexity was studied in [12,13,8,1]. 
In fact, Buss and Kuznets gave the same general lower bound for all the single¬ 
agent cases in [8] and it is reasonable to expect that we could simply apply their 
techniques and achieve the same result in this general multi-agent setting. Our 
method, however, presents the following two advantages: it is a relatively simple 
reduction, a direct simplification of the more involved N EXP-lrardness reduction 
and very similar to Milnikel’s method from [17]; it is also an improvement of 
their result, even if it does not improve the bound itself in that for our results 
the requirements are that the constant specification is axiomatically appropriate 

2 The answer is ‘no’. 
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and schematic - and not that it is schematically injective as well. In particular 
this means that we provide for the first time a tight lower bound for the full 
LP (LP where all axioms are justified by all constants). The disadvantage of our 
method is that, unlike the one of Buss and Kuznets, it cannot be adjusted to 
work on the reflected fragments of justification logic, the fragment which includes 
only the formulas of the form t : (f>. 


2 Background 

We present the family of multiagent justification logics from [4], its semantics 
and *-calculus, and notation we will be using. The definitions and propositions 
in this section can be found in [3,4]. 

2.1 Syntax and Axioms 

The justification terms of the language L n include constants ci,C 2 ,C 3 ,... and 
variables xi, X 2 , £ 3 ,... and t ::= x | c | [t +t] \ [t ■ t] |!f. The set of terms is called 
Tm. The n agents are represented by the positive integers i G N = {1,... ,n}. 
The propositional variables will usually (but not always, as will be evident in 
the following section) be pi,p 2 ,---- Formulas of the language L n are defined: 
<[> ::= _L | p | -1 (f> \ (j)^-(j)\(j)f\<j)\<j)\/(j)\t:i<j), but depending on convenience 
we may treat some connectives as constructed from others. We are particularly 
interested in rL. n = {t <j> G L n }. Intuitively, • applies a justification for a 
statement A —> B to a justification for A and gives a justification for B. Using 
+ we can combine two justifications and have a justification for anything that 
can be justified by any of the two initial terms - much like the concatenation 
of two proofs. Finally, ! is a unary operator called the proof checker. Given a 
justification t, for <f>, !f justifies the fact that t is a justification for <f>. 

If C, ^ are binary relations on the agent set {1,..., n} and for every agent 
i, F(i) is a (single-agent) justification logic (we assume F(i) € {J. JD, JT}), then 
justification logic J = ( 11 , C, F)cs has the axioms as seen on Table 2.1 and 
modus ponens. The binary relations C,^-> determine the interactions among 
the agents: C determines the instances of the Conversion axiom, while the 
instances of the Verification axiom, so if i C i, then the justifications of agent j 
are also valid justifications for agent i (i.e. we have axiom t-.j (f> —> t :*0), while if 
i '->• i, then the justifications of agent j can be verified by agent i (i.e. we have 
axiom t -.j (j> —>\t :* t -.j fi). F assigns a single-agent justification logic to each agent. 
We would assume F(i) is one of J. JD. JT, J4. JD4. and LP, but since Positive 
introspection is a special case of Verification, we can limit the choices for F(i) to 
logics without Positive Introspection (i.e. J, JD, and JT). CS is called a constant 
specification. It introduces justifications for the axioms and is explained in Table 
2.1 together with the axioms. We also define i D j iff j C i and i j iff j '-G i. 

In this paper we will be making the assumption that the constant speci¬ 
fications are axiomatically appropriate: each axiom is justified by at least one 
constant; and schematic: every constant justifies only a certain number (0 or 
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General axioms (for every agent i): 


Propositional Axioms: Finitely many schemes of classical propositional logic; 
Application: s :,(</>—>■ ip) (t rp —t [s • t ] \i ip ); 

Concatenation: s <j> —>• [s + t\ <j>, s<j> —¥ [t + s]:j <p. 

Agent-dependent axioms (depending on F(i)): 

Factivity: for every agent i, such that F(i) = JT, tn(p —> (p\ 

Consistency: for every agent i, such that F(i) = JD, t\ ,_L —>■ _L. 

Interaction axioms (depending on the binary relations C and ): 

Conversion: for every i D j, t:i<p — I 
Verification: for every i <—> j, t:i<f> —¥\t:jt - .i<p. 

A constant specification for (n, C, F) is any set of formulas of the form c:. A, where 
c a justification constant, i an agent, and A an axiom of the logic from the ones above. 
We say that axiom A is justified by a constant c for agent i when c:; A G CS. 

Axiom Necessitation (AN): t \i 4>, where either € CS or t =!s and <j> = s\j ip 
an instance of Axiom Necessitation. 

Table 1. The axioms of ( n , C, F)cs 


more) of the logic’s axiom schemes (Table 2.1) - as a result, every constant jus¬ 
tifies a finite number of axiom schemes, but either 0 or infinite axioms, while if 
c justifies A for i and B results from A and substitution, then c justifies B for i. 

We use the following notation and conventions: For justification terms t ±,... ,t-k 

and formulas (pi ,..., (pk , term -Kfc] is defined as - \~tk-i]+tk\, 

[ti • <2 • • • tk\ is defined as [[ti • <2 • • • tk-i] ■ tfc], and {(p\ A (p 2 A • • • A (pk) as 
{{(p\f\(p 2 /\- • ■ /\(pk-i) A(pk) when k > 2. We often identify conjunctions of formu¬ 
las with sets of such formulas, as long as these can be used interchangeably. For 
set of indexes A and = {t a H a <Pa \ a G A}, we define = {< p a \ a G A, i a = i} 

and *<P = {*i a (t a ,(p a ) I a € A}. Often we identify 0,1 with _L, T respectively, as 
long as it is not a source of confusion. 

Lemma 1 (Internalization Property, [4], but originally [5]). For an ax- 

iomatically appropriate constant specification CS, if h (p, then for any i G N 
there is some term t such that for any </>' substitution instance of <p, b t'-iff. 

Proof (Quick sketch). By induction on the proof of <p: easy by AN if (p is an 
axiom and using the application axiom if (p is the result of modus ponens. □ 

The Internalization Property demonstrates three important points. One is 
that a theorem’s proof can be internalized as a justification for that theorem. 
Another point is that Modal Logic’s Necessitation rule survives in Justification 
Logic - in a weakened form as an axiom and in its full form as a property of 
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the logic. The third point is the importance of the assumption that the constant 
specification is axiomatically appropriate as it is necessary for the lemma’s proof. 


2.2 Semantics 

We present Fitting (F-) models for J = (n, C, F)cs- These are Kripke models 
with an additional machinery (an admissible evidence function) to accommodate 
justification terms. They were introduced by Fitting in [10] with variations ap¬ 
pearing in [19,14]. 

Definition 1. An F-model M for J is a quadruple (W, {Ri)ieN, {£% ), eJ v, V), 
where W ^ 0 is a set, for every i £ N, Ri C W 2 is a binary relation on W, 
V : Pvar —> 2 W and for every i £ N, : (Tm x L n ) —> 2 W . W is called the 

universe of M. and its elements are the worlds or states of the model. V assigns 
a subset of W to each propositional variable, p, and £i assigns a subset of W to 
each pair of a justification term and a formula. {£f)i^N is often seen and referred 
to as £ : N x Tm x L n —► 2 W and £ is called an admissible evidence function 
(aef). Additionally, for any i £ N, formulas (f,if, and justification terms t,s, £ 
and jv must satisfy the following conditions: 

Application closure: £i(s, (f —>■ if) (~l £i{t, (f) C £,(s • t, if). 

Sum closure: £i(t, <j>) U £i(s, <j>) C Sfit + s, </>). 

AN-closure: for any instance of AN, t\i<j), £i(t,<f) = W. 

Verification Closure: If i ^ j, then £j(t,<f >) C £ t (!t,t:i<f>) 

Conversion Closure: If i C j, then £j(t, <fj) C £i(t, <j>) 

Distribution: for j i anda,b £ W, ifaRjb anda £ £i(t,4>), thenb £ £i(t,(j)). 3 4 

— If F(i) = JT, then Ri must be reflexive. 

— If F(i) = JD, then Ri must be serial (Va £ W 3b £ W aRib). 

— If i j, then for any a,b,c £ W, if aRibRjc, we also have aRjcA 

— For any i C j, Ri C Rj . 

Truth in the model is defined in the following way, given a state a: 

— A4, a T and if p is a propositional variable, then A4, a [= p iff a £V(p). 

— M, a \= <f —> if if and only if M, a \= if, or M, a \f= (f. 

— M,a |= t'-ifi if and only if a £ £i(t,cf) and M,b |= tf for all aRib. 

A formula (f is called satisfiable if there are M, a [=</>; we then say that A4 
satisfies (f in a. A pair (W, ( Ri)i^N ) as above is a frame for (n, C, F)cs- We 
say that M. has the Strong Evidence Property when JCl, a \= t:i<f iff a £ £i(t, (f). 
J is sound and complete with respect to its F-models; 5 it is also complete with 
respect to F-models with the Strong Evidence property. Furthermore, J has a 

3 If we have M,a \= t\i<f - and thus a G £i(t, (j) - we also want M, a \=\t \j t u (f to 
happen and therefore also M, b \= t u rf - so b G £i{t, f>) must be the case as well. 

4 Thus, if i has positive introspection (i.e. *<->•*), then Ri is transitive. 

5 That CS is axiomatically appropriate is a requirement for completeness. 
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“small” model property, as Proposition 1 demonstrates. Completeness is proven 
in [3,4] by a canonical model construction with maximally consistent sets of for¬ 
mulas as states; Proposition 1 is then proven by a modification of that canonical 
model construction that depends on the particular satisfiable formula </>. 

Proposition 1 ([3,4 ]). If <f> is J-satisfiable, then f is satisfiable by an F-model 
for J of at most 2^1 states which has the strong evidence property. 

2.3 The ^-calculus. 

The *-calculus gives an axiomatization of r J = {</> £ rL n \ J b (j)}, the reflected 
fragment of J. It is an invaluable tool in the study of the complexity of Justi¬ 
fication Logic and when we handle aefs and formulas in rL n . A ^-calculus was 
introduced in [11], but its origins can be found in [18]. 

If t is a term, f is a formula, and i £ N, then * j(f, </>) is a ^-expression. Given 
a frame T = (IT, (I?;)j e jv) for J, the ^-calculus for J is the derivation system 
on ^-expressions prefixed by states from IT (^-expressions from now on) with 
the axioms and rules that are shown in Table 2.3. 



* «-)> (J 7 ): For any i 9 j , 

*C5(J r ) Axioms: w *i ( t,f> ), where t(j> 

V) *i (t, <j>) 

an instance of AN 

*App(J r ): 

w *j (!) 

W *i ( s , f —► ip) W *i ( t , 0) 

W *i (s • t,lf) 

* C (T): For any j D j, 

W *i (t, <j>) 

♦ Sum (J-): 

W *j (f, </>) 

W *i (t, (j) ) W *i (s, f) 

* c -xDis(.F): For any i j, (a, b) £ -Rj, 

W *i(s + t,(/>) W *i(s + t,<j>) 

a *i (t, f) 

b *i (t , (/>) 


Table 2. The ^-calculus for J: where T = (IT, (i?i)igjv) and for every i £ N 


For T> C rL n , the ^-calculus (without a frame) for J can be defined as b* e 
if for every frame T ', state w of T, {u> e | e £ *<£} w *.; ( t , </>). Notice that for 
any v, w, if {u> e | e £ *<&} b*.^ v ( t , <f>), then {w e \ e £ *<P} b*^ w *j ( t , </>), 
therefore the ^-calculus is the resulting calculus on ^-expressions after we ignore 
the frame and world-prefixes (and thus rule * < ^-Dis(J r )) in Table 2.3. For an aef 
£ , we write £ \= w *.; (t , </>) when w £ £i(t , f); for set d> of *- F - (or *-) expressions, 
£ \= T> when £ |= e for every e £ <£>. If £ \= e, we may say that £ satisfies e. 

Proposition 2 ([4], but originally [11,13]). 

1. Let C rL n . Then, b* e iff for any aef £ |= *$, £ \= w e . 
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2. For frame T, set of U -expressions 4 X <1? h ^ e iff £ \= e for every aef £ f= <F. 

Proof. For 2, notice that the calculus rules correspond to the closure conditions 
of the aef, so if £ m |= e 6 iff <£> e, then £ m is an aef, so the “if” direction 
is established; by induction on the calculus derivation, we can also establish for 
every aef £, if £ m |= e, then £ [= e. 1 is a direct consequence. □ 

Proposition 3 ([4], but originally [11,13]). If CS £ P and is schematic, the 
following problems are in NP: 

1. Given a finite frame F, a finite set S U {e} of ^-expressions, is it the case 
that S e? 

2. Given a finite set S U {e} of *-expressions, is it the case that S h* e? 

The shape of a ^-calculus derivation is mostly described by t. We can use t 
to extract the general shape of the derivation - the term keeps track of the 
applications of all rules besides * C and * °-»Dis. We can then plug in to the 
leaves of the derivation either axioms of the calculus or members of S and unify 
(CS is schematic, so the derivation includes schemes) trying to reach the root. 
Using Propositions 3 and 1, we can conclude with Corollary 1. 

Corollary 1 ([4], but 1 was originally proven in [11]). 

1. If CS £ P and is schematic, then deciding for that J h is in NP. 

2. If CS £ P and is schematic and axiomatically appropriate, then the satisfia¬ 
bility problem for J is in NEXP. 

3 A Universal Lower Bound 

The main result of this section can be found in Theorem 1 and is a lower bound 
for the complexity of ./-satisfiability, for an arbitrary multiagent justification 
logic J , given an axiomatically appropriate, schematic constant specification. 
We give the theorem first and then its proof. 

Theorem 1. If J has an axiomatically appropriate and schematic constant spec¬ 
ification, then J-satisfiability is Elf-hard. 

Kuznets proved in [12] that, under a schematic constant specification, satisfi¬ 
ability for J, JT, J4, and LP is in Elf - an upper bound which was also successfully 
established later for JD [15] and JD4 [1] under the assumption of a schematic 
and axiomatically appropriate constant specification. In that regard, the lower 
bound of Theorem 1 is optimal. Kuznets’ algorithm is composed of a tableau 
procedure which analyzes signed formulas of the form T <j>, intuitively meaning 
that f> is true in the constructed model, and F </>, meaning that 4> is false, with 
respect to their propositional connectives (and from T t q <j> gives T <j> in the 

6 £ \= e has only been defined for aefs, but we slightly abuse the notation for conve¬ 
nience. 
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presence of Factivity). Eventually it produces formulas of the form T p, F p, 
T * (t, (f>), and F * (t, (f>), where T * (t , <j>) means that the aef of the constructed 
model makes (t, </>) true. The tableau process so far takes polynomial time and 
makes nondeterministic choices to break the propositional connectives and con¬ 
struct a specific branch. Then we need to make sure that there is a model {£, V) 
such that £(t, (f) = true if T * ( t , (f) is in the branch, £{t, </>) = false if F * (t, <j>) 
is in the branch, V(p) = true if T p is in the branch, and V(p) = false if F p is 
in the branch. The propositional variable part is easy to check - just check that 
not both T p and F p are in the branch. The aef part is harder to verify, but the 
branch can give a valid aef if and only if from all *-expressions e, where T e is 
in the branch we cannot deduce some ^-expression / using the ^-calculus, where 
F f in the branch. By Proposition 3, this can be verified using an NP-oracle. 

The idea behind the reduction we use to prove Theorem 1 is very similar to 
Milnikel’s proof of 772-completeness for J4-provability [17] (which also worked 
for J-provability). Both Milnikel’s and our reduction are from QBF^. The main 
difference has to do with the way each reduction transforms (or not) the QBF 
formula. Milnikel uses the propositional part of the QBF formula as it is and 
he introduces existential nondeterministic choices on a satisfiability-testing pro¬ 
cedure (think of Kuznets’ algorithm as described above) using formulas of the 
form x :p\/ y : ~>p and universal nondeterministic choices using formulas of the 
form x :p A y :~<p and term [x + y\ in the final term, forcing a universal choice 
between x and y during the ^-calculus testing. 

This approach works well for J and J4, but it fails in the presence of the 
Consistency or Factivity axiom, as x :p Ay : ->p becomes inconsistent. For the 
case of LP, he used a different approach and made use of his assumption of 
a schematically injective constant specification (i.e. that all constants justify at 
most one scheme) to construct a term t to specify an intended proof of a formula 
of the form f\^x :p A y : ->p) —>• s :ip — which is always provable, since the left 
part of the implication is inconsistent. In this paper we bypass the problem of 
the inconsistency of £ : p A y : ~>p by replacing each propositional formula by 
two corresponding propositional variables, [%] T and [ x to correspond to “% is 
true” and to “% is false” respectively. Therefore, we use x : [p] T A y : [p] 1 - instead 
of x :p A y p and we have no inconsistent formulas. As a side-effect we need to 
use several extra formulas to encode the behavior of the formulas with respect 
to a truth-assignment - for instance, [p] T —> [p V g] T is not a tautology, so we 
need a formula to assert its truth (see the definitions of Evalj below). 

Buss and Kuznets in [8] use the same assumption as Milnikel on the constant 
specification to give a general lower bound by a reduction from Vertex Cover 
and a V.^-complete generalization of that problem. Their construction has the 
advantage that it additionally proves an NP-liardness result for the reflected 
fragment of the logics they study, while ours does not. On the other hand we 
do not require a schematically injective constant specification, as, much like 
Milnikel’s construction for J4, we do not need to limit a ^-calculus derivation. 

Lemma 2 is a simple observation on the resources (number of assumptions) 
used by a ^-calculus derivation: if there is a derivation of *,;(£, <fi) and t only has 



one appearance of term s, then the derivation uses at most one premise of the 
form *j(s,if). In fact, this observation can be generalized to k appearances of s 
using at most k premises, but this is not important for the proof of Theorem 1. 

Lemma 2. Let i be an agent, <f a justification formula, t a justification term in 
which ! does not appear, and s a subterm oft which appears at most once in t. 
Let S s = {s:.i(j ) 1 ,..., sii(f k } and S C rL n , such that S U S s is consistent. Then, 
SUS s tii(f> if and only if there is some 1 < a < k such that S'U {s } b £:$(/>. 

Proof. Easy, by induction on the ^-calculus derivation (on t). □ 

The proof of Theorem 1 is by reduction from QBF 2 , which is the following 
(Sf-complete) problem: given a Quantified Boolean Formula, 

<t> = ^Xi3x 2 ■ • • 3x k Vyi\/y2 ■ ■ ■ Vywif, 

where if is a propositional formula on variables xi,.. ., x k , yi, ■ ■ ■, y k ', is <f true? 
That is, are there truth-values for x±,... ,x k , such that for all truth-values for 
yi , • • ■, Pk ', a truth-assignment that gives these values makes if true? 

As mentioned above, for every if a £ <F, let [ifa] T , [V’o]^ be new propositional 
variables. As we argued earlier, we need formulas to help us evaluate the truth of 
variables under a certain valuation in a way that matches the truth of the original 
formula, if - [^>]- L —> [ _l V’] T f° r instance. These kinds of formulas (prefixed by a 
corresponding justification term) are gathered into S(<f). T J (<f) is constructed 
in such a way that under the formulas of S(<f) and given a valuation v 

/\ x a H [Pa\ T A /\ a:„:i[pj i A5((j'i)hT J ((i): 1 :[()] T 

v(p a )=true v(p a )=false 

if and only if v makes <f true. In other words, T J (<f) encodes the method we 
would use to evaluate the truth value of <f. 

To construct T J (<f), we first need certain justification terms to encode needed 
operations to manipulate formulas. We will often need to work on long con- 
juncts like (cfi A • • • A </v), which we can view as a string of formulas. Therefore 
we need operations like projections (projf ), appending a formula (append), ap¬ 
pending a formula to a hypothesis ( hypappend ), appending the conclusions of 
two implications (appendconc) , and so on. We start by providing these terms. 

We define terms projf. (for x < r), append, hypappend, and appendconc, to 
be such that 

t:i(<f 1 A (fo A • • • A <f r ) b [proj r x ■ t\ -.i <f x , 
t:i(f\,s:if )2 b [append ■ t ■ s\ (</>i A ^ 2 ), 
i:» (<fi —> f> 2 ) b [hypappend ■ t ](</>i -A- </>i A fa), and 
£:» (<fi -t (cfi -)• <f 3 ) b [appendconc - As] (cfi -> <f 2 A <f 3 ), 

append, hypappend, and appendconc can simply be any terms such that 

b append-.i (</>i -» (</> 2 -> <fi A <f 2 )), 
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I- hypappend:i((<f )i ->• fa) -> (</>i <(>2)), and 


b appendconc-.i {{fa -*• 0 2 ) ->• ((</A ->• </> 3 ) -»• {fa -> <h A </> 3 )))- 

Such terms exist, because they justify propositional tautologies and the con¬ 
stant specification is schematic and axionratically appropriate (see Lemma 1). 
To define proj T x , we need terms left, right, id, tran, so that 

b leftii {fa A fa -»</>i), right :i {fa A fa -t 4> 2 ), 

b *dy (0i —»• ^ 1 ), and 

b tran\i{{4> 1 -> <fo) -> ((</> 2 ->• </> 3 ) ->• (</y -)• </> 3 )). 

Again, such terms exist, because they justify propositional tautologies. Then, 
projl = id; for r > 1, projf = right; and for l < r, projf +1 = [trans-left-projf}. 


Now we provide the formulas that will help us with evaluating the truth of the 
propositional part of the QBF formula under a valuation. These were axioms 
provided by the constant specification in Milnikel’s proof [17], but as we argued 
before, we need the following formulas in our case. Let W = {fa,.. ., ipi} be 
an ordering of all subformulas of if, such that if a < b, then \ip a \ < \fa\ 7 . 
Furthermore, p = |{y £ E | Ly| = 1}| and for every 1 < j < l, 

if fa = -17, then Evalj = truthj 7 ([y] T —> [tpj] ± ) A truthj 7 ([y] 1 - —> [il>j \ T ); 
if tpj = 7 V 5 , then 

Evalj = truthj 7 ([y] T A [< 5 ] T —> [ipj] 1 ) A truthj 7 ([y] T A [ 5 ] -1 —> [Vb] T ) 

A truthj 7 ([7] 1 - A [< 5 ] t ->• [fa] 7 ) A truthj 7 ([7] 1 - A [S] 1 - -> [ipj]- 1 ); 
if ipj = 7 A S, then 

Evalj = truthj 7 ([y] T A [< 5 ] T —»• [ipj] T ) A truthj 7 ([y] T A [ 5 ] 1- —>• [' ipj ] ± ) 

A truthj 7 ([y] x A [< 5 ] T -*• [V’j] -1 ) A truthj 7 ([7] 1 - A [6] 1 - - 4 - [f/’i]' L ); 
if ipj = 7 —>■ S, then 

Evalj = truthj 7 ([y] T A [< 5 ] T -A [r/ly] T ) A truthj 7 ([y] T A [ 5 ]^ —*• [Vy-] -1 ) 


A truthj 7 ([ 7 ]- 1 - A [(5] t -)• [?/y] T ) A truthj 7 ([ 7 ] 1 - A [ 6 ] 1 - [Vy] T )- 

' assume a | - |, such that = 1 and if 7 is a proper subformula of 5, then |y| < |(5| 
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We now construct term T J ((f>). To do this we first construct terms T a , where 
1 < a <1. Given a valuation v in the form x\ [pi] vi ,..., Xk [ Pk] Vlc , T 1 through 
T k simply gather these formulas in one large conjunct (or string). Then for 
k + 1 < a < l, T a evaluates the truth of ip a , resulting in either [^>] T or [ip] 1 - and 
appending the result at the end of the conjunct. 

Let T 1 = x\ and for every 1 < a < k, T a = [append ■ T a ~ l ■ x a \. It is not 
hard to see that for v \,..., Vk £ {T. _L}, 

XI -i [pi] V1 ,. ..,x k H [p k ] Vk h T k M ([prf 1 A • • • A \p k ] Uk ). (1) 


If tp a = then 

T a = hypappend ■ [trans • proj ^ _1 • truth a \ • T a ~ l and 
if tp a = 4>b 0 4>c, then 

T a = hypappend ■ [trans ■ [appendconc ■ proj ^ _1 • projf^ 1 ] ■ truth a ] • T a_1 
Let 

S(<j)= /\ Evalj 

P<j<i 

and given a truth valuation v, let 

S v {(/>)= A x j'i\PoY A A x i : i\Pj\ ± A A Eval i■ 

v(pj)=true v(pj)—false 


By induction on a, for every truth assignment v, 

where if ipb is true under v, then Vb = T and Vb = _L otherwise. The cases 
where a < k are easy to see from (1). For the remaining cases it is enough to 
demonstrate that 

if ip a = then S(cp) F [trans ■ projj -1 ■ truth a ■ T a ~ l ] [ip a ] Va and 

if ip a = 4>b ° 4>c, then 

S(cp) h \trans ■ [appendconc ■ proj ^ _1 • projf _1 ] • truth a • T° _1 ] [ip a ] Va , 

which is not hard to see by the way we designed each term. 

Finally, let T J (<p) = [right ■ T l [. We can now prove Lemma 3: 

Lemma 3. For every n € N and agent i £ N, T J (</>), S((p) are computable in 
polynomial time with respect to \<p\. <j> is true under truth assignment v if and 
only if 


A X a '-i[p a } T A A X a'i [Pa] ± A S(<p) h T J ((f): i [(j)\ T . 

v(p a )=true v(p a )—false 
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Proof. From the above construction we can see that if (p is true under v then 
S v {<p) b T J ((j>) \i [<^] T . On the other hand, if S v ((p) b T J (</>) [</>] T , then 

*S v {cp) b* *i(\right ■ T l ], [^] T ), which in turn gives (S v ((p))# i b [^>] T (the terms 
do not include the operator ! and thus the right side of a ^-derivation is a 
derivation in propositional logic). If <f> is not true under v, then let v' be the 
valuation, such that u'([t(>] T ) = true iff ip is true under v and f , ([V , ]~ L ) = true 
iff ip is false under v. Then all of (S v (<p))# i is true under v' and [0] T is not, 
therefore(S' t '(0)) #i \f [0] T , so S v ((p) \f T J (</>)[0] T . □ 

Corollary 2. The QBF formula 3p\,... ,pif/pk+ 1 , • • ■ ,Pk+i4> is true if and only 
if the following formula is J-satisfiable: 

k i 

A IPoV^Xj -.i [pj]- L )A A ( x j '■i {PjV Ax j -i bA ) A S(^) A =T J (=</>) [=0] T . 

j =i i=fc+i 

Proof. If 

k l 

A b \Pj] T VXj : i bf]" L )A A ( x j [PoV Ax j '■i \PiY) AS'(^)A^T J (^</>)h0] T 

i=1 j=k +1 

is not satisfiable, then 

k i 

A bb M T Va b =* bf] J ‘)A A bf] T Ax i ■i bj]' L )AS'(->0) b T j (^ < />)[-. 0] t , 

3=1 j=k+1 

and then for every choice ci : {1,..., k} —> {T, _L}, 

k i 

A bb bj] Cl0) ) A A bb : i \PiY A Xj :»bA) A S(^<p) b T J (-><p)[-<p] T , 

3=1 j=k+1 

and then since every variable from xi ,..., Xk+i appears at most once in T J and 
T J does not include !, by Lemma 2 there is some choice C 2 : {1,..., 1} — > {T, _L} 
such that 

k i 

A (2b :< N ClW) ) A A ( x > h \Pj] Ca<J) ) A 5(^0) b T\^) H>] T . 

I=i j=fc+i 

Therefore, for every assignment of truth-values on pi,... ,pk there truth-values 
for pk- |-i,... ,pi+k that make (p false. 

On the other hand, if 


k i 

A bb \Pj] Tvx 3 : i IPjY) A A (“b b fe] T A^' :* biA) AS'(-.0)A=T j (=</>)[=0] t 


1=1 


j=fc+i 
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is satisfiable, then there is some choice c\ : {1,..., k} —{T, ±}, such that 
k l 

A \Pj ] Clb) ) A A ( x i :i fe] T A Xj -.i Ipj}- 1 ) A S(-u£) A -.r J (-.0)[-.0] T 

3 —1 j=fc+l 

is satisfiable, and then since every variable from xi,..., Xk+i appears at most 
once in T J , for every choice Ci : {1,..., 1} —> {T, _L}, 

k i 

A M ci0) ) A A \Pj ] caij) ) A -SW) t 7 (“^)N’] t - 

3 = 1 j=fe+l 

Therefore, there is some truth assignment on pi,... ,pk such that every truth 
assignment on Pk+i, ■ ■ ■ ,Pi+k makes (j> true. □ 

Theorem 1 is then a direct corollary of the above. 

4 A NEXP-complete Justification Logic 

The justification logic we prove to have a NEXP-complete satisfiability problem 
is the 4-agent logic Jh = (4, C, c —>, F)cs, where 

- C= {( 3 , 4 )}, 

- ^->= {(1,2), (2,3), (4,4)}, 

- F(l) = F( 2) = J, F( 3) = F{ 4) = JD, and 

- CS is any axiomatically appropriate and schematic constant specification. 

The agents of Jh are based on justification logics J and JD and essentially 
JD4, as agent 4 has Positive Introspection. Agent 3 has a significant variety of 
justifications. Since 1 2 3, 3 is aware of the justifications of 2, who in turn is 

aware of the justifications of 1. Therefore, 3 can simulate the reasoning of 2 who 
can simulate the reasoning of 1. Additionally, 3 accepts two types of justifications: 
the ones 3 receives from 4, which come with Positive Introspection and the 
other ones 3 accepts, which do not. As Theorem 2 demonstrates, this complex 
interaction among agent 3’s justifications results in the significant hardness of 
Jy-satisfiability. 

If we only focus on agents 3 and 4, we have a PSPACE-complete justification 
logic [3,4]. In a tableau procedure which constructs a model for a given formula 
(like the one in [4]), this means that we may have to consider a large number of 
states. If we could simply explore smaller parts of the model as we can often do 
for Modal Logic, we could still end up with an (alternating perhaps) polynomial 
space algorithm. The satisfiability-testing procedures for Justification Logic have 
another part, though, and that is testing whether certain ^-expressions can be 
derived in a frame F from a certain set of ^-expressions using the ^-calculus - 
which corresponds to asking whether there is an aef that satisfies certain expres¬ 
sions and not others. By Proposition 3, this can be done using a nondeterministic 
procedure which takes time polynomial with respect to jJ 7 ! and to the overall 
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size of the set of ^-expressions. Although the complexity of that procedure 
is not something which increases the overall complexity of satisfiability-testing 
[4], to run it we must keep the whole frame T in memory and T can be large, 
which requires exponential time and more than polynomial space. Nondetermin¬ 
ism is introduced as we apply the tableau rules, as some require nondeterministic 
choices. Assuming PSPACE 7 ? NEXP, this is a difficulty we cannot overcome. 

Theorem 2. Jh- satisfiability is NEXP-fcard. 

The reduction we use is from a subproblem of the SCHONFINKEL-BERNAYS 
SAT problem, which we call BINARY SCHONFINKEL-BERNAYS SAT: 

Given a first-order formula <j> of the form 3 aq • • • 3xkVyi ■ ■ ■ , where 

ip contains no quantifiers or function symbols, is <f> satisfiable by a first- 

order model of exactly two elements? 

The general SCHONFINKEL-BERNAYS SAT problem does not require that a 
satisfying model has exactly two elements and is known to be NEXP-complete 
[16]; BINARY SCHONFINKEL-BERNAYS SAY remains NEXP-complete. 

The reduction for Theorem 2 is essentially an extended version of the reduc¬ 
tion we used to prove Theorem 1. Like then, consider a construction of a satisfy¬ 
ing model, only this time it is an F-model with several states and accessibility re¬ 
lations for agents. Another difference is, of course, that now the original formula 
is from the first-order language. However, in the BINARY SCHONFINKEL- 
BERNAYS SAT formulation, each (first-order) variable is quantified over two 
possible values (the elements of the two-element model), so they are essentially 
propositional variables. Since this is satisfiability we must existentially quantify 
each relation symbol over all 2 r+1 r -ary relations. We can encode such a nonde¬ 
terministic choice by forcing the existence of an exponential number of states, 
each representing one r-tuple v == v \,..., v r of the two possible values 0 and 1 
(as mentioned above, we can do this using agents 3 and 4) by having var:\ [p a } Va 
being true and then at each such state enforce the choice between rel q [i?] T and 
rel:i [i?]" 1- , meaning that v £ R or v (ji R respectively - where R an actual rela¬ 
tion. In such a state conjunctions of the form gather q ([pi] Vl A • • • A \p r } Vr A [R \ A ) 
(where A = T or A) encode this choice. Due to the particular interaction 
among the agents and the logics they are based on, in the constructed model 
gather q ([pi] Ul A - • ■A[p r ] Vr A[i?] A ) is true in a state if and only if that state repre¬ 
sents v and A = T iff v G R. Already this Jf/-model encodes a first-order model. 
The trick now is to be able to gather in one state all these formulas that encode 
the relations through the aef closure conditions (i.e. through the ^-calculus), but 
making sure that individual conjuncts (i.e. something of the form var q [p] A or 
rel q [i?] A ) cannot be also transfered to that state through the calculus - in 
that case we would be able to construct gather q ([pi]" 1 A • • • A [p r } Vr A [R] A ) 
for additional, invalid combinations of (v, A). This is achieved by considering 
formulas of the form \gather q gather q ([pi] Ul A • • • A [p r ] Vr A [i?] A ). The con¬ 
structed model has empty accessibility relations for agents 1 and 2, thus such 
formulas can move freely through the accessibility relation of agent 3 (since 
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2-^3 and because of Distribution), but this is not the case for anything of the 
form t:i \ (since 1 3,4). Using certain additional formulas we can make sure 

that \ gather -.2 gather : i ([p\] Vl A • • • A [p r ] Vr A [R] A ) —> [R(x i,... ,ay)] A becomes 
true if and only if x \,..., x r are interpreted as v\,... ,v r . The remaining of the 
formulas and methods we use are very similar to the ones we use for Theorem 1. 
By combining Corollary 1 and Theorem 2, we can claim the following: 

Corollary 3. Jh- satisfiability is NEXP -complete. 


4.1 Proof of Theorem 2 

The reduction we use is from (a variation of) the SCHONFINKEL-BERNAYS 
SAT problem: given a first-order formula (p of the form 


3xi ■ ■ -3x k \/y i • • ■Vyk'ip, 


where ip contains no quantifiers or function symbols, is (p satisfiable by a first- 
order model? 

SCHONFINKEL-BERNAYS SAT is known to be NEXP-complete ([16]). Fur¬ 
thermore, it is not hard to see that if 


3xi • • -3x k \/yi ■ ■■Vy k 'ip, 


is satisfiable, then it is satisfiable by a model of at most k elements. For the 
coming reduction, we instead use for convenience a simplified version of this 
problem, which we call BINARY SCHONFINKEL-BERNAYS SAT and is the 
same problem, only instead we ask if 3x i • • • 3x k \/yi • • • \/y k 'ip is satisfiable by a 
first-order model of exactly two elements. 

For the reductions that follow we use the following notation: for a non¬ 
negative integer x £ N, let bin(x) = bino(g), ■ ■ ■ ,bin\ ogg (g) be its binary repre¬ 
sentation. Furthermore, like in Section 3, for every propositional and first-order 
formula ip we introduce propositional variables [^] T and [ip ] _L . 

Lemma 4. BINARY SCHONFINKEL-BERNAYS SAT is NEXP -complete. 

Proof. Let </> be a first-order formula of the form 


3xx • • -3x k \/yi ■ ■■Vy k >ip, 


where ip contains no quantifiers or function symbols. Furthermore, we assume 
that ip contains no constants. We can replace each x a by x a = x\, x%, ■ ■ ■, a;[ losA: ^ 
and each yi, by yb = yl, y \, • • ■, hr the quantifiers and wherever they 

appear in a relation. Therefore 3x a is replaced by 3x l a 3x‘j l • • • 3a;[ losfc ^ (3a; a for 
short) and \/x a is replaced by Mx^Mx^ ■ • • Vx[ los (Vy a for short) and R(zi, ...,z r ) 
is replaced by R(z i,..., z r ). Furthermore, every expression z = z' where z, z’ 
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are variables, is replaced by Ai<o<riogfcl Z<1 = z ' a ( z = z> f° r short). The result 
of all these replacements in ip is called ip'. The new formula is: 

( k' k 

f\ \J x a = y b ^ ip’ 

b— 1 a— 1 

We can also define a corresponding transformation of first-order models: assume 
that the universe of model M. for cp is a set of at most k natural numbers (each of 
which is at most k — 1 and an interpretation for some x a ); then AT is the model 
with {0,1} as its universe, where for every relation R (on tuples of naturals) of 
M there is some R', which is essentially the same relation, but on the binary 
representations of the elements of AT That is, 

R' = {(bin(ai ),..., bin(a r )) £ {0,1}* | (aq,..., a r ) £ R} 

It is not hard to see that if M satisfies the original formula, then AT satisfies 
the new one: each x a can be interpreted as the binary representation of the 
interpretation of x a in M and notice that the added equality assertions effectively 
limit the y's to range over the interpretations of the ads, which are then exactly 
the image of the elements of At. 

On the other hand, if <p' is satisfied by a model with (0,1} as its universe, 
then (p is satisfied by the model which has the [log £;]-tuples of {0,1} that are 
the interpretations of aq,..., x k as elements and as relations the restrictions of 
the two-elenrent model’s relations on these tuples. □ 

Given a first-order formula (p as above, we construct a justification formula, 
<p J , in polynomial time, such that (p is satisfiable by a two-element model if and 
only if <p is satisfiable by a J-model. The reader will notice several similarities 
to the proof of Theorem 1. 

Let 

<p = 3xi--- 3x k \/yi ■ ■ ■ Vyk'ip 

be such a formula, where ip contains no quantifiers or function symbols. Let 
Ri ,..., R m be the relation symbols appearing in ip, a±,..., a m their respective 
arities. Then, let a = {i £ N | 3r < m s.t. i < a r }; then, |a| = max{ai,..., a m }. 
We also define: X = {aq,..., x k }; Y = {y±, ..., yw}', Z = X UY; p 0 = k + k'. 

For this reduction, in addition to the terms introduced in Section 3, we de¬ 
fine the following justification terms. If we expect a term to justify a tautological 
scheme of fixed length, then we can just assume the term exists and has some 
constant size. Otherwise we construct the term in a way that gives it size poly¬ 
nomial with respect to the formula it (provably) justifies. Again we need certain 
terms to encode manipulations of long conjunctions (which we can see as strings) 
and we start with these. 

addhyp is such that b addhyp:± (cp —» (ip —» <p)); 

replaceleft is such that b replaceleft:\ ((cp —> <p') —> ((</> A ip) —» {(p' A ip))), 
while 
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replaceright is such that b replaceright: i ((ip —> ip') —» ((<p/\ip) —> (cpAip 1 ))); 
We define replace f in the following way: 

replace ^ = replaceright , 


while for l < k, 

replace f = trans • replace ^ 1 • replaceleft. 

Then it is not hard to see by induction on fc — l that 

b replace k :i ((0j -)• 00 ->• ((0i A- • -A0;A- • -A0 fe ) -*• (0iA- • -A0[A- • -A0 fc ))). 
We define mphypoth to be such that 

b mphypoth ■.!(($ -A ip) -A ((<p -A (ip -A y)) ->• (<p->x)))- 

We use justification variables var 1,.. . ,var ar ,rel r for every r € [to]. 

For 1 < r < m we define gather r in the following way: 

gather r = [append ■ [append ■ ■ • [append ■ var\] ■ ■ ■ var ar \ ■ rel r \, 

For every 1 < j < a r + 1, let Vj,v'j € {T,_L}. Then, for propositional 
variables pi,...,p ar , 


a r 

[\ varj :i [pj] Vj Arel r :i [R r ] Var+1 b gather r : i ([pi] v>1 A- ■ ■A[p ar ] Va ^ A[R r ] v “r+i) 
j =i 

if and only if for every 1 < j < a r + 1, Vj = v'j (see the proof of Lemma 3). 
In fact it is not hard to see that if 

a r 

varj :i \pj\ V} A rel r :i [R r ] Var+1 b gather r :i y, 

3 = 1 


then r\°jL 1 \pj] Vj A(R r \ Va " r + 1 b y: operator ! does not appear in gather r , so the 
right-hand side of a corresponding ^-calculus derivation for *i (gather r ,x) is 
a propositional derivation of y from [pi] Ul ,..., [p ar ] Var , [Rr] Var+1 and some 
propositional tautologies. 

To give some intuition, conjunction /\°=i varj y [pj] Vj A rel r y [i? r ] Ua ’-+ 1 
means that (iy,..., v ar ) £ R, in a corresponding first-order model. 

We use justification variables value z and match(z,pi) for all z £ Z , l £ a. 
For every z £ X, we define V z = value z y [z] T V value z y [z]- 1 ; for every 
z £ Y, V z = value z y [z] T A value z y [z] -1 . 

We also define 

Match = match(z,pi) y ([z] A —> ([pi] A -A ok{)) 

IdzCX 

zez 

A€{T,_L} 
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• • R (z) 

For every R r {z ) which appears in ip and 0 < b < a r , we define match b ry 

R (z) 

in the following way: match 0 rK ; = addhyp • gather r and if b > 0 and Zb = Xj 
or Zb = yi-k > then match b rl ' z ' > is defined to be the term 

[mphypoth ■ match^jf'* ■ [tran ■ [tran- project 1 ^ 1 ■ match(zb, &)] • replace ^ +1 ]]. 

We can see by induction on b that for every 0 < b < a r , 

Match, gather r ■-! ({p 1 ] Vl /\- ■ ■A{pa r ] Va r A[R r ] Var+1 ) b 

b match b r{zi, '' Zar) :i (([xif 1 A • • • A [x k ] Vk A [yi] Vk+1 A • • • A [y k ’] Vk ' +k ) -t 

-> {ok i A • • • A ok b A \p b+ i] v ' b + 1 A • • • A [p ar ] v ' ar A [i? r p>'+ 1 )) 

if and only if for every j £ [a r ] and j' £ [k + k'], if Zj = xy or zj = yj'-k, 
then v'j = vy. 

Match and term match^ r ^ are used to confirm that given an assign¬ 
ment v for variables x \,..., x k , yi, ■ ■ ■, yk'i a tuple z £ Z ar , and a tu¬ 
ple {v'v' ar+1 ) £ {T, -L} 0r+1 , that (u(>i),... ,v(z ar )) = {v\,..., v' ar ), 
since this is a crucial condition to assert that [R r {z)] Va ''+ 1 must be true (i.e. 
R r {z) is true iff v ar+1 = T). 

T'{match b r<KZ ■*) is defined in the following way: 

T'{match^ r ^) = c.-\addhyph-\gather r and for b > 0 and Zb = yi~ k , 

T' {match b r ^) = 

c. • [c. • \mphypoth-T ! (match^Zi )] •! [tran-[tran-projectf 1 -match{yi, 6)] • replace b r+1 ] 
We can see by induction on b that for every 0 < b < a r , 

Match, \gather r \ 2 gather r -.i{[pi] Vl /\- ■ -A\pa r ] Var /\[R r ] Var+1 ) b 

b T'(match b r< ' z) ): 2 match b r< ' z) :i (/\[xi] Ui A /\[yi] Vk+i -t 

-t {ok i A • • • A ok b A [Pb+i]^ +1 A • • • A [p ar ] v ' ar A [-R r ] Vo ’'+ 1 )) 
if and only if 

Match, gatherr'.i {\pi] Vl A • • • A \jpa r ] Var A [i? r ] Uar+1 ) b 

b matchf r< ' Zl, '"’ Zar) :i (/\[xiP A /\[y*]^ fe+i -t 

-t {ok\ A • • • A ok b A [p b+ i] v ' b + 1 A • • • A [pa r ] Var A [i? r ] Uar+1 )) , 

which in turn, as we have seen above, is true if and only if for every j £ [a r ] 
and j' £ [k + k'], if Zj = xy or Zj = yj’-k, then v’j = vy. 
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Using the terms (and formulas) we have defined above, we can construct 
terms T°, where 0 < a < pi and eventually tA 

Let W = {'ipi,ipi} be an ordering of all sub formulas of if) and of vari¬ 
ables which extends the ordering x\ ,... , Xk, yi ,..., yw , 

such that if a < b, then \ip a \ < |V’b|- 8 Furthermore, po = |{a £ [i] | \ip a \ = 0}| 
(= k + k') and pi = |{o € [i] | \ip a \ = 1}|. 

Let T 1 = value zi and for every 1 < a < po, T a = [append ■ T a ~ x • value Za \. 
It is not hard to see that for V \,..., Vk € {T, _L}, 

value Zl :i [z \] Vl ,.. .,value Zk :i [ z k ] Vk F T Po :i {[zi] Vl A • • • A [. z k ] Vk )■ ( 2 ) 

For every a £ [/], 

if i/) a = Rr(z%, ■ • • ,z 2 r ), then 

Eval a = trutha '2 ([match^ ■ T p0 ] :i (ok± A • • • A ok ar A [R r ] T ) ->• fokf)A 
A trutha -2 ([ match • T Po ] :i (ofci A • • • A ofc ar A [-Rr] -1 ) -t [V’a]^); 

if f/’a = “'7? then 

Eval a = truth a : 2 ([7] T -t [V’a] -1 ) A truth a : 2 ([7] X -t [V’a] T ); 
if ip a = 7 V 5 , then 

Evala = truth a -2 (W T A [ 5 } T ->• [Vv] T ) A truth a : 2 ([y] T A [J] 1 - ->• [t/> a ] T ) 

A truth a '2 ([ 7 ] X A [ 5 } T -»• [V’o] T ) A truth a : 2 ([7] 1 - A [6] 1 - ->• [t/v] -1 ); 
if V’a = 7 A < 5 , then 

Eval a = trutha:2 (b] T A [ 6 } T ->• [t/v] T ) A truth a : 2 (b] T A [ 5 ]- 1 -t [^ a ] X ) 

A truth a -2 ([7] X A [6] T ->• ['i/’a]^) A truth a : 2 ([ 7 ] X A [d] 1 - ->• [V’a] -1 ); 
if 4 >a = 7 —> < 5 , then 

RuaR = truth a -2 (b] T A [< 5 ] T ->• [V’o] T ) A truth a : 2 (b] T A [d] -1 -t [t/v] X ) 

A trutha '2 ([7]"*" A [ 5 ] T - 4 - [V-a] T ) A trutha-i ([7]^ A [ 5 ] 1 - - 4 - [ i > a ] T )■ 

Let Eval = Al= Po+ i Eval a . 

For po < a < pi, we define gathrel a in the following way: 

gathrelp 0 +i = c. • T\match%“ ) 


and for po + 1 < a < pi, 

gathrel Po +i = appendconc ■ gathrel a -i • [c. • T\matchf“ )]. 

8 assume a | • [, such that \xj\ = |j/j| = 0 , \Rj(vi,. .. ,v aj )\ = 1 and if 7 is a proper 
subformula of <5, then |y| < |5| 
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Then, 


T Po+1 = replace pl po ■ truth Po +1 • \gathrel Pl -\T p0 ] 


and for po + 1 < a < pi, 

T a = replace Pl ~ Po ■ truth Po+ 1 • T° _1 . 


if i’a = -| V’2) then 

T a = hypappend ■ [trails ■ proj“ _P0_1 • truth a } ■ T a ~ l and 
if ip a = 4>b ° 4>c, then 

T a = hypappend ■ [trans ■ [appendconc ■ proj^~ p0 ~ l ■ proj “ -1 ] • truth a \ • T 0-1 . 
We then define t# = [right ■ T 1 ]. 

Lemma 5. For every b £ [pi], j £ [a r „], let l b = (l b i,..., l b arb ) £ {pj, ~^Pj} arb 
and v b £ {T._L}. Assume that for every foi ,&2 £ [pi], if r^ = rb 2 and l bl = l b2 , 
then it must also be the case that v bl = v b2 . Then, 9 

A \gather Tb -. 2 gather rb (l b /\[R rb ] b )f\Match/\Eval/\ [\ val z :\(z] Vz bf^: 2 [</>] T 

i>£[pi] z(zZ 

if and only if M.\= (f> for every model A4 with universe {T, _L} and interpretation 
T such that 

— for every z £ Z, v z = I(z), 

- for every b £ [pi], M |= Rr b (f(l\), • • •,/(/„,„)) iffv b = T, 
where for all j £ a, f(pj) = T and f(~<Pj) = _L. 

Proof. The if direction is not hard to see by (induction on) the construction of 
the terms T a ,t#. For the other direction, notice that a ^-calculus derivation for 

A '-gather rb \ 2 gather r b U (l A [-R r J ^ j 
be[pi\ 


Match, Eval, A val z :\[z\ Vz ht^: 2 [0] T 

z£Z 

gives on the right hand side a derivation of 

A gather rb (l b A [R rb ] v ^ , Match, Eval# 2 , A va ^z -i [. z] Vz b [</>] T 

b£[pi] z(E.Z 

Some x = [Rri.zf)) A , where R r (zf.) = if a , a subformula of </>, can be derived 
from the assumptions above only if [match #“ • T p0 ] :i (ok A can be 

9 For convenience and to keep the notation tidy, we identify l b with l\ A • • • A l b arb and 
ok with oki A • • • A ok ar . . 
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derived as well notice that the assumptions cannot be inconsistent and we can 
easily adjust a model that does not satisfy [ match#* ■ T Po } (ok A [-R,- a ] A ) so 
that it does not satisfy \ either, by simply changing the truth value of 

The derivation of match#*^ :i (ok A [i?r a ] A ) is not affected by Eval# 2 : 
if there is a model that satisfies all assumptions except for Eval# 2 and not 
match# * :i (ok A [-R ra ] A ), we can assume the strong evidence property and 
change the truth-values of every [f/’b] A to true, so the new model satisfies all the 
assumptions and not [match#* ■ T p0 ] :i (ok A [-Rr 0 ] A )- 

Therefore we have a ^-calculus derivation of [match#* ■ T p0 ] :i (ok A [-R r J A ) 
and since gather r only appears once in match#* , there is some b £ [p\ ] such 
that (see Lemma 2) 

gather Tb : i (l b A [R rb ] v ^ , Match, val z :i[z] Vz b [match#*^ -T Po ] a (ok/\[R ra ] A ) 

zCZ 

Similarly, we can remove the terms from this derivation, so 

l b , [R rb ] vb , Match# 1 , f\ [z] v * b ok A [R r J A 

zGZ 

From which it is not hard to see that for all z € Z, v b = A, so every first- 
order model as described in the Lemma satisfies Then it is not hard to see 
by induction that all such models satisfy all [Vv] A derivable from these same 
assumptions. □ 

Now to construct the actual formula the reduction gives. For this let p be a 
fixed justification variable. We define the following formulas. 


start = -i [active ] A p:s I [active] A A var a : 1 ~<Pa 
\ «e[a] 

forward a = p'A I \J var a A ~^p a A [active] —tp: 3 [active] 

\a£[a] 

forwards = P- 4 A A varb '-iPb A var a A ~^p a A [active] 

aG[a] y&6[a—1] 

->/0 ;3 A var b-i~ , Pb hvar a :iPa 
1] 

forwardc = p- 4 A V varb A ~^Pb A var a A p a A [ active ] 

aG[a] \&6[a—1] 

-)■ p'.zvar a A “'Pa) 
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forwardu = P' 4 , A V varb :i ->pb A var a :i p a A [ active ] 

a£[a] y6G[a— 1] 

-> P' 3 Var a :ip a ) 

end = p :4 I var:\p a A [active] —» p 14,-1 [active] 

\a€a 

choice r = p :4 ([active] —>■ reZ r :i [R r ] T V reR :i [-R r ]^) 

choicey = p :4 I -1 [active] —» (yalue z :\ [z] T V value z : 1 [x] -1 ) 

\ zex 

A {yalue z :i [z] T A value z :i [z] -1 ) 

zEY 

test = p :4 (-■[ active] —> Match A Eval A ~<t^ : 2 [~'f l ] T ) 

Then, (f>p 0 , the formula constructed by the reduction is the conjunction of these 
formulas above: 

start A f or ward a A forwards Aforwardc A f orwardp AendAchoicenAchoicey Atest. 

Theorem 3. < pp Q is J-satisfiable if and only iff) is satisfiable by a two-element 
first-order model. 

Proof. First, assume f> is satisfiable by two-element first-order model, say M. 
with interpretation I, and assume that for every a G [k ], I(x a ) is such that 
M |= Vy 1 ,..., \/y k >tf>. We construct a J-model for f>p 0 : 

M.j = (W. R \, f? 2 > R'i■ i? 4 , £, V), where: 

- W = {cr G N | a + 2 G [2“ + 2]} (i.e. a G {-1,0,1,2,... 2“}); 

- R 1 = R 2 = ®,R 3 = {(a, a + 1) I a < 2“} U {(2“, 2“)}, and 
R 4 = {(a,a') |a<a'}U{(2«,2“)}; 

- £ is minimal such that 

• <? 3 (p, x) = ^ 4 (p, x) = W for any formula 

• E\ (var a ,p a ) = {a GW \ a + 1 G [ 2 “] and bin a (a) = 1}, 

• £i(var a ,-'Pa) = {erGW|er-|-lG [2“] and bin a {cr) = 0}, 

• £i(rel r , [i? r ] T ) = {a GW\a + lG [2“] and 
X |= R r (bin 0 (a),... ,bin ar (a))}, 

• £1 (rel r , [-Rr] -1 ) = {crGW\cr + l£ [ 2 “] and 
M Rr(bino(a),... ,bin ar {&))}, 

• for every a G [k], £\(value Xa , [:r a ] T ) = {2 Q }, if Z(x a ) = T and 0 other¬ 
wise, 

• for every a G [k], £\(value Xa , [xn] -1 ") = {2 Q }, if X{x a ) = -L and 0 other¬ 
wise, 

• for every a G [k r ], £\(value Va , [p a ] T ) = £,{value Va , [j/a] -1 ) = {2 Q }, and 
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• Mj, 2“ |= Match, Eval', 

- V([active ]) = {cr G W | tr+1 G [2°]} and for any other propositional variable 
q,V(q)=<D. 

It is not hard to verify that AIj,—1 |= 4>p 0 > as long as we establish that 

Mj, 2 “ :2 [-^] T , for which it is enough that 2 “ ^ £j(t <t> , [ _, </'] T )- 

The definition of £ is equivalent to a G £ g (s,x) -O- S b* a * g (s,%), where 

5 = 

{w *3 {p,F) | w G W, F a formula} U {w *4 (p, F) \ w G W, F a formula} U 

{w *1 ( var a ,p a ) | w + 1 G [2 a ] and bin a (w) = 1} U 
(w *1 ( var a , -'Pa) | w + 1 G [2“] and bin a (w) = 0} U 
{w *1 ( rel r , [R r ] T ) | w + 1 G [2 Q ] and M \= R r (bino(w),..., bin ar (w ))} U 

(w *1 (rel r , [-Rr]" 1 ) | w + 1 G [2 Q ] and AI \f= R r (bino(w ),..., &m ar (u>))} U 

{2 a *! ( value Xa , [a; a ] T ) | a G [fe], T(x a ) = T} U 

{2 a *! (value Xa , [za]" 1- ) | a G [fc], 1(x a ) = _L} U 

{2 a *1 ( value Va , [y a ] T ) | a G [fc']} U {2 a *1 ( value Va , [Va]^) | a G [k’}} U 
(2 a e | e G *Eval U *Match} 

Then, 2“ G £ 2 (t^, [ _, </>] T ) iff S b* 2“ * 2 (i^, [~'^] T ). Notice the following: since 
does not have p as a subterm, the *-expressions in 

{ru *3 (p, F) | w G W, F a formula} U (to *4 (p, F) \ w G W, F a formula} 

cannot be a part of a derivation for S b* 2“ * 2 (t^, [~'0] T ). 

Since lf j 2f j 3 and 1,2 do not interact with any agents in any other way, 
for any term s with no !, if for some a or r, var a or rel r are subterms os s, if 
S b* w s : a y, then a = 1, 0 < w < 2 a , and {w e G S'} b* w s q %. includes 

exactly one ! gather rb for every b and one of value z for every z G Z. Therefore, 

if S b* 2 a * 2 (t^, then there are 

\gather rb : 2 gather rb :i<£ A Match A Eval A val z :i[z] Vz b : 2 [“’0] T 

bG[pi] z(E.Z 

and by Lemma 5, M |= ~^(j>, a contradiction. 

On the other hand, let there be some A i' T where 4> J is satisfied. Then, we 
name —1 a state where M'j, —1 f= </> J and let — l-R 3 O.R 3 l.R 3 • • • R^2 a . Then, 

- £i(var a ,p a ) C {(j G W | <r + 1 G [2 Q ] and bin a (<j) = 1}, 

- £\ (var a , —'Pa) C{ctgIT|(t + 1 g [ 2 q ] and bin a (a) = 0 }, 

- Mj,2 a |= Match, Eval and for every a G [k'\, 

Mj, 2 a \= value Va q (y a ] T , value Va q [y a ] ± ', 
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as we can see by induction on a - the conditions on Ai(var a ,p a ), Ai(var a , ~^Pa) 
as imposed by forwards, forwardc , forwards are positive. Notice here that 
if for some 0 < tu < 2 Q — l,w ^ riaea (■ var a ,p a ), then we have a contradiction: 
w + 1 |= -i [active] and if w is minimal for this to happen, then w |= [active], so 
since there is some a s.t. w £ £\(yar a , -'Pa), w + 1 |= [active] (by forwardA )• 
Then, {w \ w + 1 £ [2“]} C E\{rel r , [i? r ] T ) U £\{rel r , and then we can 

define a first-order model M. such that: 

— Ei(rel r , [i? r ] T ) C {o’ £ W | ct+1 £ [2“] and M |= R r (bino(a ),..., bin ar (a))}, 

— £i(rel r , [iZr-]- 1 -) C{a£W\ ct+ 1 € [2“] and M \f= R r (bino(a ),..., bin ar (a))}, 

— for every a £ [ k ], £\(value Xa , [x 0 ] T ) C {2 Q }, if l(x a ) = T and 0 otherwise, 

— for every a £ [fc], £\(value Xa , [la] 1 ) C {2 Q }, if X{x a ) = + and 0 otherwise, 

Since it must be the case that M.j, 2 “ t$ \2 it cannot be the case that 
\gather Tb : 2 gather rb :i<? A Match A Eval A val z :i[z] Vz b t^ :2 [ _, ^] T 

6G[pi] z$LZ 

and since M satisfies the conditions from Lemma 5, A4 □ 

Theorem 2 is then a direct consequence. 

5 Final Remarks 

We gave two lower bounds for the complexity of the satisfiability problem for 
Justification Logic. Theorem 1 gives a general lower bound which applies to all 
logics in the family, while Theorem 2 gives a lower bound for a specific logic 
in the family. From a technical point of view, the reduction from a fragment of 
QBF that we used for the first result is a simplification of the reduction from a 
fragment of First-order Satisfiability that we used for the second result. 

The merits of the general l^-hardness result is that we established an (ex¬ 
pected) lower bound for all the logics in the family, which uses fewer assumptions 
than a previous proof of the same bound (for single-agent logics) by Buss and 
Kuznets in [8]. That is, we require a schematic and axiomatically appropriate 
constant specification, while the proof in [8] requires that it is also schemati¬ 
cally injective: each constant justifies at most one scheme. It is perhaps a subtle 
distinction, but it means that for the first time we established this lower bound 
for justification logics J. JT, JD, JD4, and LP, the versions of these single-agent 
logics with the total constant specification (i.e. the one where all constants jus¬ 
tify all axioms ). 10 The necessity of these properties of the constant specification 
for these results and their full effects on the complexity of Justification Logic 
remain to be seen, but some insightful observations were made in [8]. 

The N EXP-hardness result we presented in this paper makes the general 
N EXP-upper bound from [4] tight, thus answering the open question from there 
about whether there exists a NEXP-complete logic or the upper bound can be 

10 If nothing else, this should simplify some of the notation. 
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a T Oiip 


a T OiV' 
cr.(g,i) T ip 
where ( g , i) is new; 

a F Oiip 
a.{g,i) F ip 
where (g, i) is new; 


C7 F 0 Up 
a.(g,i) F ip 

where ( g , i) has already 
appeared and i < 4; 

a T Dj ip 
a T 0 i4> 
where i G {3,4}; 


a.(g,i) T ip 

where ( g , i) has already 
appeared and i < 4; 

a T \H 4 ip 
a T O 31 P 


a T Oiip 
a T UjUnP 
where 0 < i < j < 4; 


a F O 4 ip 
a.{g,4) F ip 
o.(g,A)F 04 ip 

where ( g , i) has already 
appeared and i G {3, 4}; 


a T HU ip 
a.(g,i) T ip 
a.(g,i) T D 4 ip 


where ( g , i) has already 
appeared and i G {3, 4}; 


Table 3. Tableau rules for Mh ■ To test (p for A/_H-satisfiability, start from a branch 
which only contains (0, 0 ) T <p and keep expanding according to the rules above. A 
branch with a T ip and a F ip is propositionally closed. A (possibly infinite) branch 
which is not propositionally closed, but is closed under the rules is an accepting branch. 


improved. It also makes Jh the first justification logic with known complexity 
having a harder satisfiability problem (assuming EXP 7 ^ NEXP) than its corre¬ 
sponding modal logic. In fact, as Proposition 4, if Mh is the modal logic which 
corresponds to Jh (the modal logic with the same frame restrictions as Jh), then 
M //-satisfiability is in EXP: we can simulate the tableau procedure from Table 
3 using an exponential time algorithm an alternating polynomial space one 
actually, where we use nondeterministic existential choices to apply the tableau 
rules and universal choices to select exactly one prefix <J.{g, i) from a to explore. 
While Modal Satisfiability has been studied extensively, we are not aware of any¬ 
one investigating specifically the complexity of M //-satisfiability, so we provide 
a brief proof. 

Proposition 4. Let Mh be the four-modalities modal logic associated with the 
class of frames (W, R±, R2, R3, R4) where f? 3 ,f ?4 are serial, R3 C R 4 , and for 
(■i,j ) G {(1, 2), (2, 3), (4,4)}, if aRjbRiC, then aRiC. Then, Mh- satisfiability is 

in EXP. 

Proof (Brief). We first prove that the tableau procedure from Table 3 is sound 
and complete. From an accepting branch for (p we can construct a model for </>: let 
W be the set of prefixes that have appeared in the branch; let a G V(jp) iff a T p 
has appeared in the branch, let for i = 1,2, 3,4, r* = {(a,a.(g,i)) G W x W}, 
for i = 1,2, Ri = ri, R 3 is the transitive closure of r 3 , and R 4 is the transitive 
closure of r 3 Ur 4 . It is not hard to verify that model M = (W, R\, R 2 , R 3 , R 4 ) 
satisfies all necessary conditions and that A4, (0,0) |= <p - by inductively proving 
that if a T ip in the branch then Ml , a |= ip and if a F ip in the branch then 
M, a\f= ip. 
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On the other hand, from a model M = (IT, R\, i? 2 , R 3 , Ri) for <p we can 
make appropriate nondeterministic choices to construct an accepting branch for 
(p. We map (0,0) to a state such that Ai,w^ 0 ’ 0 ^ |= (p; then, when a.{g,i) 

appears first, it must be because of a formula of the form a T (Jiip ( or a F Oiip, 
but it is essentially the same case). If M,w a |= ()iip, then there must be some 
state w a RiW, such that M \= ip and thus we name w = w <T ^ 9 ’ l \ It is not hard 
to see that we can make such choices when applying the rules, so that if a T ip 
in the branch then M , w a \= ip if a F ip in the branch then M,w a \/= ip. In fact 
the rules of Table 3 preserve this condition right away; we just need to make 
sure that the same thing happens with the propositional rules ■ for instance, rule 
- r x can ma ^ e an appropriate choice depending on whether Ai , w a (= ip 

or M. ,w a |= X- Thus the constructed branch cannot be propositionally closed. 

What remains is to show that this tableau procedure can be simulated by an 
alternating algorithm which uses polynomial space - thus M^-satisfiability is in 
APSPACE = EXP. This can be done by applying the following method: always 
keep the formulas prefixed by a certain prefix a in memory (at first a = (0, 0)). 
First apply all the tableau rules you can on the formulas prefixed by a - possibly 
use existential nondeterministic choices for this. Then, using a universal choice, 
pick one of the prefixes o' = that were just constructed and replace the 

formulas you have in memory by the ones prefixed by a'. Repeat these steps until 
we either have a T ip and a F ip in memory or we see “enough” prefixes. In this 
case, “enough” would mean “more than 2 6 ^l”, as <p has up to \(p\ subformulas, so 
in a branch there can only be up to &\cp\ formulas prefixed by some fixed a - thus 
the algorithm only needs to use 0[\(p\) memory and if it goes through d>\cp\ + 1 
prefixes, then two of these have prefixed exactly the same set of formulas. If 
the algorithm accepts </>, then we can easily reconstruct an accepting branch by 
just taking the union of the constructed formulas, while if there is an accepting 
branch, then the algorithm can explore only parts of that branch. □ 

These results demonstrate a remarkable variability of the system. Although 
many logics in the family, including the single-agent justification logics, have a 
£%-complete satisfiability problem, which is lower than the complexity of satisfi¬ 
ability for corresponding modal logics (assuming PH ^ PSPACE), there are logics 
with PS PACE-complete, EXP-complete, and as we demonstrated in this paper, 
NEXP-complete satisfiability problems, which in the last case is a higher com¬ 
plexity than the one for the corresponding modal logic (assuming EXP ^ NEXP). 
Still, it is important to note that even in this case the reflected fragment of the 
logic remains in NP and in the absence of +, in P. 
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